# syntax=docker/dockerfile:1
FROM python:3.11-slim AS base
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    PATH="/app/.venv/bin:$PATH"

WORKDIR /app

# System deps
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl \
    && rm -rf /var/lib/apt/lists/*

# Copy metadata early for layer caching
COPY pyproject.toml README.md ./

# Create venv and install
RUN python -m venv /app/.venv && \
    /app/.venv/bin/pip install --upgrade pip setuptools wheel && \
    /app/.venv/bin/pip install -e .

# Copy source
COPY src/ ./src/
COPY templates/ ./templates/

# Non-root user for security
RUN useradd -u 1001 -m appuser && chown -R 1001:1001 /app
USER 1001

# Security: Read-only filesystem except for tmp
VOLUME ["/tmp"]

CMD ["python", "-m", "csv_pandas_chat_server.server"]
